"Christopher Schultz" <ch...@christopherschultz.net> wrote in message news:4afdb50c.70...@christopherschultz.net... > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Liav, > > On 11/13/2009 10:48 AM, Liav Ezer wrote: >> I need help configuring my http connector to be a secure one via SSL. > > Are you expecting to use tcnative in order to use an "APR" connector, or > do you want to use the plain-old Java HTTP connector? If you don't know > what I'm talking about, you want the Java one. It's important to > differentiate because the configurations are done differently. > >> I have the purchased certificate's (from a CA which i don't know who is) >> products in 4 different files: >> >> xxx.domainname.com.cer -> I don't know what is this file.. > > Neither do I. Look at the date stamps to see if it's relevant. > >> xxx.domainname.com.key -> I believe this is the encrypted key for the >> certificate > > Hopefully, you created this file yourself and haven't given it to > anyone. It should be a /private/ RSA key. > >> xxx.domainname.com.csr -> I believe this is the request > > .csr files are typically "certificate request" files, so yet, that seems > reasonable. > >> xxx.domainname.com.crt -> I believe this is the actual certificate >> issed >> by the CA > > Generally, .crt files are the actual certificates. They are usually > encrypted with a passphrase and can be unlocked using the .key file above. >
Urm, usually the .crt files are not encrypted (since they are sent to anybody that asks for them by the web server). They are usually base64 encoded (since the actual data is binary). >> 1. What should i write at the keystoreFile? - Which of the 4 files i have >> do >> i need to point to? >> 2. What do i write in the keystorePass attribute? > > That depends on whether you are using APR or not. See above. > >> 3. What should i do with the rest of those 4 files? > > xxx.domainname.com.key - keep this in a safe place, preferably /not/ on > your production server. > > xxx.domainname.com.csr - You can probably discard this file, but it > might be worth keeping around alongside your .key file. > > xxx.domainname.com.cer - It depends on what this file is. It might even > be a certificate file that has no password (which would be useful if you > were using Apache httpd, but you didn't mention that so I suspect it's > not useful to have such a certificate laying around). > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkr9tQwACgkQ9CaO5/Lv0PBsYwCguvk35Bo0kLXB1UYrYr2iIAX7 > JKYAnjViDJDfcUrz4BeYnr351+v4i8us > =BPyj > -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
